CVE-2024-4854

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-4854
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4854.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-4854
Downstream
Related
Published
2024-05-14T00:03:12.486Z
Modified
2026-03-14T12:41:21.012270Z
Severity
  • 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H CVSS Calculator
Summary
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Details

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4854.json",
    "cna_assigner": "GitLab",
    "cwe_ids": [
        "CWE-835"
    ]
}
References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://github.com/wireshark/wireshark
Events
Introduced
3a34e44d02c9c91f9f851bd6f29ff4505131b127
Last affected
52c2c38eb3d909756ba2536beeac7bda33e80a49
Introduced
0cbe09cd796b2ea24c6069b76ea16df7f51cf67b
Last affected
c1fcda4ca0fbe25deb896243c5ec8dfaeedd3092
Introduced
54eedfc63953c8180b5a9c60015917cce7a2548a
Last affected
1fe5bce8d665c0d64e1af63545421c67596db165
Database specific 
{
    "versions": [
        {
            "introduced": "3.6.0"
        },
        {
            "last_affected": "3.6.22"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.0.14"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "last_affected": "4.2.4"
        }
    ]
}

Affected versions

v3.*
v3.6.0
v3.6.1
v3.6.10
v3.6.10rc0
v3.6.11
v3.6.11rc0
v3.6.12
v3.6.12rc0
v3.6.13
v3.6.13rc0
v3.6.14
v3.6.14rc0
v3.6.15
v3.6.15rc0
v3.6.16
v3.6.16rc0
v3.6.17
v3.6.17rc0
v3.6.18
v3.6.18rc0
v3.6.19
v3.6.19rc0
v3.6.1rc0
v3.6.2
v3.6.20
v3.6.20rc0
v3.6.21
v3.6.21rc0
v3.6.22
v3.6.22rc0
v3.6.2rc0
v3.6.3
v3.6.3rc0
v3.6.4
v3.6.4rc0
v3.6.5
v3.6.5rc0
v3.6.6
v3.6.6rc0
v3.6.7
v3.6.7rc0
v3.6.8
v3.6.8rc0
v3.6.9
v3.6.9rc0
v4.*
v4.0.0
v4.0.1
v4.0.10
v4.0.10rc0
v4.0.11
v4.0.11rc0
v4.0.12
v4.0.12rc0
v4.0.13
v4.0.13rc0
v4.0.14
v4.0.14rc0
v4.0.1rc0
v4.0.2
v4.0.2rc0
v4.0.3
v4.0.3rc0
v4.0.4
v4.0.4rc0
v4.0.5
v4.0.5rc0
v4.0.6
v4.0.6rc0
v4.0.7
v4.0.7rc0
v4.0.8
v4.0.8rc0
v4.0.9
v4.0.9rc0
v4.2.0
v4.2.1
v4.2.1rc0
v4.2.2
v4.2.2rc0
v4.2.3
v4.2.3rc0
v4.2.4
v4.2.4rc0
wireshark-3.*
wireshark-3.6.0
wireshark-3.6.1
wireshark-3.6.10
wireshark-3.6.11
wireshark-3.6.12
wireshark-3.6.13
wireshark-3.6.14
wireshark-3.6.15
wireshark-3.6.16
wireshark-3.6.17
wireshark-3.6.18
wireshark-3.6.19
wireshark-3.6.2
wireshark-3.6.20
wireshark-3.6.21
wireshark-3.6.22
wireshark-3.6.3
wireshark-3.6.4
wireshark-3.6.5
wireshark-3.6.6
wireshark-3.6.7
wireshark-3.6.8
wireshark-3.6.9
wireshark-4.*
wireshark-4.0.0
wireshark-4.0.1
wireshark-4.0.10
wireshark-4.0.11
wireshark-4.0.12
wireshark-4.0.13
wireshark-4.0.14
wireshark-4.0.2
wireshark-4.0.3
wireshark-4.0.4
wireshark-4.0.5
wireshark-4.0.6
wireshark-4.0.7
wireshark-4.0.8
wireshark-4.0.9
wireshark-4.2.0
wireshark-4.2.1
wireshark-4.2.2
wireshark-4.2.3
wireshark-4.2.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4854.json"

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
54eedfc63953c8180b5a9c60015917cce7a2548a
Fixed
4aa814ac25a18ea48d4002351ed45d4b245b0c08
Database specific 
{
    "versions": [
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
0cbe09cd796b2ea24c6069b76ea16df7f51cf67b
Fixed
10bc5ded73f3403769d4a6e1a2438a776373aa8a
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.0.15"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
3a34e44d02c9c91f9f851bd6f29ff4505131b127
Fixed
8b52657fa4eeda249e007bf0441f26d9ead63e47
Database specific 
{
    "versions": [
        {
            "introduced": "3.6.0"
        },
        {
            "fixed": "3.6.23"
        }
    ]
}

Affected versions

v3.*
v3.6.0
v3.6.1
v3.6.10
v3.6.10rc0
v3.6.11
v3.6.11rc0
v3.6.12
v3.6.12rc0
v3.6.13
v3.6.13rc0
v3.6.14
v3.6.14rc0
v3.6.15
v3.6.15rc0
v3.6.16
v3.6.16rc0
v3.6.17
v3.6.17rc0
v3.6.18
v3.6.18rc0
v3.6.19
v3.6.19rc0
v3.6.1rc0
v3.6.2
v3.6.20
v3.6.20rc0
v3.6.21
v3.6.21rc0
v3.6.22
v3.6.22rc0
v3.6.23rc0
v3.6.2rc0
v3.6.3
v3.6.3rc0
v3.6.4
v3.6.4rc0
v3.6.5
v3.6.5rc0
v3.6.6
v3.6.6rc0
v3.6.7
v3.6.7rc0
v3.6.8
v3.6.8rc0
v3.6.9
v3.6.9rc0
v4.*
v4.0.0
v4.0.1
v4.0.10
v4.0.10rc0
v4.0.11
v4.0.11rc0
v4.0.12
v4.0.12rc0
v4.0.13
v4.0.13rc0
v4.0.14
v4.0.14rc0
v4.0.15rc0
v4.0.1rc0
v4.0.2
v4.0.2rc0
v4.0.3
v4.0.3rc0
v4.0.4
v4.0.4rc0
v4.0.5
v4.0.5rc0
v4.0.6
v4.0.6rc0
v4.0.7
v4.0.7rc0
v4.0.8
v4.0.8rc0
v4.0.9
v4.0.9rc0
v4.2.0
v4.2.1
v4.2.1rc0
v4.2.2
v4.2.2rc0
v4.2.3
v4.2.3rc0
v4.2.4
v4.2.4rc0
v4.2.5rc0
wireshark-3.*
wireshark-3.6.0
wireshark-3.6.1
wireshark-3.6.10
wireshark-3.6.11
wireshark-3.6.12
wireshark-3.6.13
wireshark-3.6.14
wireshark-3.6.15
wireshark-3.6.16
wireshark-3.6.17
wireshark-3.6.18
wireshark-3.6.19
wireshark-3.6.2
wireshark-3.6.20
wireshark-3.6.21
wireshark-3.6.22
wireshark-3.6.3
wireshark-3.6.4
wireshark-3.6.5
wireshark-3.6.6
wireshark-3.6.7
wireshark-3.6.8
wireshark-3.6.9
wireshark-4.*
wireshark-4.0.0
wireshark-4.0.1
wireshark-4.0.10
wireshark-4.0.11
wireshark-4.0.12
wireshark-4.0.13
wireshark-4.0.14
wireshark-4.0.2
wireshark-4.0.3
wireshark-4.0.4
wireshark-4.0.5
wireshark-4.0.6
wireshark-4.0.7
wireshark-4.0.8
wireshark-4.0.9
wireshark-4.2.0
wireshark-4.2.1
wireshark-4.2.2
wireshark-4.2.3
wireshark-4.2.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4854.json"